From f62d9fc550bed02e47034073879971a8ffcb0313 Mon Sep 17 00:00:00 2001
From: Signum21 <matteo.gaeta.1998@gmail.com>
Date: Sat, 31 May 2025 04:56:14 +0200
Subject: [PATCH] Fix System.Security.Principal.IdentityNotMappedException in
 Vulnerable Leaked Handlers

---
 winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs        |  2 +-
 .../winPEAS/Info/ProcessInfo/ProcessesInfo.cs         | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs b/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
index f798d51..76fc8bd 100644
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
@@ -81,7 +81,7 @@ namespace winPEAS.Helpers
        /---------------------------------------------------------------------------------\
        |                             {1}Do you like PEASS?{0}                                  |
        |---------------------------------------------------------------------------------| 
-       |         {3}Learn Cloud Hacking{0}       :     {2}training.hacktricks.xyz {0}                 |
+       |         {3}Learn Cloud Hacking{0}       :     {2}training.hacktricks.xyz {0}                |
        |         {3}Follow on Twitter{0}         :     {2}@hacktricks_live{0}                        |
        |         {3}Respect on HTB{0}            :     {2}SirBroccoli            {0}                 |
        |---------------------------------------------------------------------------------|
diff --git a/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs b/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
index 9d6ab25..22ebb46 100644
--- a/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
@@ -195,11 +195,11 @@ namespace winPEAS.Info.ProcessInfo
                                 continue;
 
                             List<string> permsFile = PermissionsHelper.GetPermissionsFile(sFilePath, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
+                            IdentityReference sid = null;
                             try
                             {
                                 System.Security.AccessControl.FileSecurity fs = System.IO.File.GetAccessControl(sFilePath);
-                                IdentityReference sid = fs.GetOwner(typeof(SecurityIdentifier));
-                                string ownerName = sid.Translate(typeof(NTAccount)).ToString();
+                                sid = fs.GetOwner(typeof(SecurityIdentifier));
 
                                 // If current user already have permissions over that file or the proc belongs to the owner of the file,
                                 // handler not interesting to elevate privs
@@ -207,6 +207,8 @@ namespace winPEAS.Info.ProcessInfo
                                     continue;
 
                                 to_add["File Path"] = sFilePath;
+
+                                string ownerName = sid.Translate(typeof(NTAccount)).ToString();
                                 to_add["File Owner"] = ownerName;
                             }
                             catch (System.IO.FileNotFoundException)
@@ -218,7 +220,10 @@ namespace winPEAS.Info.ProcessInfo
                             {
                                 continue;
                             }
-
+                            catch (System.Security.Principal.IdentityNotMappedException)
+                            {
+                                to_add["File Owner"] = sid.ToString();
+                            }
                         }
 
                         else if (typeName == "key")